This patch add cs checker to r600/r700 hw. Command stream checking
will rewrite some of the cs value in order to restrict GPU access
to BO size. This doesn't break old userspace but just enforce safe
value. It should break any things that was using the r600/r700 cs
ioctl to do forbidden things (malicious software), though we are
not aware of such things.
Here is the list of thing we check :
- enforcing resource size
- enforcing color buffer slice tile max, will restrict cb access
- enforcing db buffer slice tile max, will restrict db access
We don't check for shader bigger than the BO in which they are
supposed to be, such use would lead to GPU lockup and is harmless
from security POV, as far as we can tell (note that even checking
for this wouldn't prevent someone to write bogus shader that lead
to lockup).
This patch has received as much testing as humanly possible with
old userspace to check that it didn't break such configuration.
However not all the applications out there were tested, thus it
might broke some odd, rare applications.
[airlied: fix rules for cs checker for parallel builds]
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Add missing vertex shader regs for r200.
fixed fdo bug 26061
agd5f: use official reg names
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
This adds the command stream checker for the RN50, R100 and R200 cards.
It stops any access to 3D registers on RN50, and does checks
on buffer sizes on the r100/r200 cards. It also fixes some texture
sizing checks on r300.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Previously we just made these offline and included them,
but no reason we can't generate them at build time.
TODO: add rs690 + r100/r200 when done.
should we do rs480/rs690 no tcl version?
Signed-off-by: Dave Airlie <airlied@redhat.com>
